CVE-2026-27752

SODOLA SL902-SWTGW124AS <= 200.1.20 Cleartext Credential Transmission

CVSS 8.2 HIGHEPSS 0.2%CWE-319

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) · SODOLA SL902-SWTGW124AS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-cleartext-credential-transmission